[Snort-devel] Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Matt Dillon dillon at ...146...
Fri Dec 8 02:38:09 EST 2000


:>     or with a redirect from tcpdump on a shell line,
:
:Assuming, as I suspect is the case, that they're using the same command
:on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on
:Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".

    It amounts to the same thing, since -w does nothing more than an
    fopen(..."w").  You get a piddly 8K buffer out of that, and it isn't
    even double buffered.

    But I think the last poster had it right... if the bpf buffer size
    was not changed from the default 4096, just about anything can interrupt
    the packet flow.

						-Matt
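
Added illustration (not part of the original message, and not code from tcpdump or the BPF driver): a simplified Python model of BPF's pair of store/hold buffers, showing how one reader stall becomes dropped packets at the 4096-byte size mentioned above. The record size, packet rate, stall length, instant-drain reader, and the 32768-byte comparison size are constructed assumptions.

```python
# Added illustration: simplified model of a BPF-style store/hold buffer pair.
# All traffic and timing figures below are constructed assumptions.

def simulate_drops(buf_size, rec_len, n_pkts, interval_us,
                   stall_start_us, stall_len_us):
    """Count packets dropped while the reading process is stalled.

    buf_size  -- size of each of the two kernel buffers, in bytes
    rec_len   -- bytes one captured record occupies in the buffer
    n_pkts, interval_us -- constant-rate arrival stream
    stall_*   -- one window in which the reader cannot call read()
    """
    if rec_len > buf_size:
        raise ValueError("record does not fit in the buffer at all")
    store = 0          # bytes used in the buffer currently being filled
    hold_full = False  # True while a full buffer waits for the reader
    dropped = 0
    stall_end_us = stall_start_us + stall_len_us
    for i in range(n_pkts):
        t = i * interval_us
        stalled = stall_start_us <= t < stall_end_us
        if not stalled:
            hold_full = False          # reader drains the hold buffer at once
        if store + rec_len > buf_size:
            if hold_full:              # no free buffer to rotate into
                dropped += 1
                continue
            hold_full = stalled        # rotate; stays full only during a stall
            store = 0
        store += rec_len
    return dropped


if __name__ == "__main__":
    # Constructed scenario: 1000-byte records every 100 us (about 80 Mbit/s),
    # reader stalled for 5 ms starting at t = 10 ms.
    for size in (4096, 32768):
        n = simulate_drops(size, 1000, 1000, 100, 10_000, 5_000)
        print(f"buffer {size:>6} bytes: {n} of 1000 packets dropped")
```

In this model the two 4096-byte buffers absorb only the first few records of the stall, while the larger pair rides it out without loss.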



